1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00

Fix #1994 Lockable no longer leaks account existence

This commit is contained in:
Drew Ulmer 2012-10-25 16:51:56 -05:00
parent 00e8841e93
commit 00a01c2bc4

View file

@ -105,7 +105,11 @@ module Devise
end end
def unauthenticated_message def unauthenticated_message
if lock_strategy_enabled?(:failed_attempts) && attempts_exceeded? # If set to paranoid mode, do not show the locked message because it
# leaks the existence of an account.
if Devise.paranoid
super
elsif lock_strategy_enabled?(:failed_attempts) && attempts_exceeded?
:locked :locked
else else
super super